Devising A Multi-layered Approach to Combat Cybercrime - Cogent Bank
Devising A Multi-layered Approach to Combat Cybercrime
May 15, 2025

Today’s interconnected world provides incredible opportunities and advantages to individuals and business owners alike. Technology has enabled businesses of all sizes to operate on a global scale. The internet, e-commerce platforms, and other forms of technology have broken down geographical barriers, allowing businesses to connect with customers, partners, and vendors worldwide, expand their market reach, and unlock revenue streams previously unattainable to them.

This convenience of worldwide connectivity comes with a price: it has also created a landscape ripe for bad actors. Criminals today may look different than in years past, but they still want the same thing: to separate hard-working people from their hard-earned funds. Cybercrime has grown exponentially and is no longer something we can just “wish away.” We must be vigilant in stopping cybercriminals from succeeding. Let’s look at some eye-opening cybercrime statistics and how to devise a multi-layered approach to combat cybercrime.

Cybercrime Statistics

Financial losses from cybercrime exceeded $16 billion in 2024, of which over $1 billion occurred in Florida, according to the FBI’s 2024 Internet Crime Report. This represents a 33% increase in losses from 2023. Phishing and spoofing generated the most complaints, followed by extortion and personal data breaches. Investment fraud, especially involving cryptocurrencies, accounted for the highest dollar loss at more than $6.5 billion.

Approximately 90% of chief information security officers in the United States thought their companies were at risk of a cyberattack, according to survey data published by the statistics portal Statista. The consensus was that human error was their most significant cyber liability. Among company executives, financial losses, disruption of operations, and the impact on a company’s value were the top concerns.

A major concern for companies is the rise in Business Email Compromise (BEC) scams, a type of phishing attack in which the fraudster impersonates a legitimate business or individual to trick the recipient into taking actions that benefit the attacker, such as wiring money or revealing sensitive information. Such attacks are difficult to detect because they typically rely on social engineering, or on a legitimate mailbox the attacker has already broken into, rather than on malware; there is often no malicious attachment or link for a filter to catch, only a plausible request to change payment details.

BEC ranked among the top three loss categories in 2024 and is a main driver of the FBI’s Financial Fraud Kill Chain, which started in 2018. The kill chain is a cooperative effort between law enforcement and financial institutions to freeze wire transfers sent by victims after they have fallen prey to a scammer; speed matters, because funds are usually moved out of the receiving account within days. In 2024, $92.5 million in wires were frozen, with a 66% success rate.

Cogent Bank Recommendations

Kevin Schmick, Senior Vice President and Chief Information Security Officer at Cogent Bank, says every company is vulnerable these days, no matter its size. While larger companies have deeper pockets and more data that thieves would like to tap into, these companies also have the resources needed to protect their systems. Of course, they also have more people who could make a mistake by clicking on the wrong link or downloading malicious software.

Smaller companies may be less attractive to scammers in terms of potential reward, but they also might not be as well protected and thus an easier target. In fact, 46% of all cyber breaches impacted companies with fewer than 1,000 employees. Regardless of the size of your operations, there’s a high likelihood that there is a hacker out there trying to break in. Let’s look at important considerations to protect your business and team.

Start with Multifactor Authentication

Schmick says every business needs a multi-layered approach to protect its data and digital infrastructure, starting with multifactor authentication (MFA). The increasing use of cloud computing and the Software as a Service (SaaS) delivery model, in which software applications are hosted by a provider and accessed over the internet, makes MFA a must-have for anyone concerned with digital security: with SaaS, the login page is reachable by anyone on the internet, so the password is often the only thing between an attacker and your data.

With multifactor authentication, a login requires something beyond the password, typically a one-time code generated by an authenticator app on your phone (a new code every 30 seconds, derived from a secret shared with the service at enrollment). Even if someone phished or guessed your password, this additional step can stop them from accessing your account, because the code is only ever displayed on the device you hold.

“I encourage our staff to use an authenticator app, whether it’s Microsoft or Google; there are a ton of them out there,” Schmick says. “You want a layered approach for your accounts, including your Microsoft accounts as well as all your other SaaS applications. All accounts should have MFA turned on.”

He says most companies with SaaS applications have them integrated with their Microsoft 365 tenant, which allows for a single sign-on to access other services. This makes it more convenient for employees where MFA is integrated into their Microsoft service and there is no need for a separate account for that SaaS. He also recommends maximizing the use of the built-in security settings within your network by controlling who has access to your servers and where the access is coming from.
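The codes an authenticator app shows are not sent to the phone; both the app and the service compute them from a shared secret and the current time. The following is an added example, not code from the original post or from Cogent Bank, of that computation (RFC 4226 HOTP and RFC 6238 TOTP, standard library only) together with the server-side check a practitioner actually needs: a small clock-drift window, constant-time comparison, and rejection of a code that has already been accepted once. The secret is the RFC 6238 test-vector key, used so the output can be checked against the RFC; a real enrollment generates a random secret per user.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Shared secret as it appears in an authenticator enrollment QR code (Base32).
# This is the RFC 6238 test-vector key ("12345678901234567890" in ASCII), chosen so
# the values below can be checked against the RFC; it is not a real account secret.
RFC6238_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
DIGITS = 6
STEP_SECONDS = 30


def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, at: Optional[int] = None) -> str:
    """RFC 6238 TOTP: the counter is the number of 30-second steps since the Unix epoch.
    This is what the phone app displays; the server computes the same value to compare."""
    now = int(time.time()) if at is None else at
    return hotp(secret_b32, now // STEP_SECONDS)


def verify_totp(secret_b32: str, submitted: str, at: Optional[int] = None,
                window: int = 1, last_used: int = -1) -> Optional[int]:
    """Server-side check. Returns the matched time-step counter, or None.

    - accepts the current step and +/- `window` steps to tolerate clock drift;
    - refuses any counter <= last_used, so a code captured and replayed within
      the window is rejected (the caller persists the returned counter per user);
    - compares with hmac.compare_digest and checks every candidate instead of
      returning early, so response timing does not reveal which step matched.
    """
    if len(submitted) != DIGITS or not submitted.isdigit():
        return None
    now = int(time.time()) if at is None else at
    current = now // STEP_SECONDS
    matched = None
    for candidate in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret_b32, candidate), submitted) and candidate > last_used:
            matched = candidate
    return matched


if __name__ == "__main__":
    code = totp(RFC6238_SECRET_B32)
    print("current code:", code)
    print("accepted at counter:", verify_totp(RFC6238_SECRET_B32, code))
```

Two things in `verify_totp` are easy to leave out and matter in practice: the replay guard, since a one-time code that a phishing page relays to the real site is still valid for up to 90 seconds with a window of one step, and rate limiting of failed attempts, which is left to the login layer here because a six-digit code falls to brute force without it.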

Exercise Due Diligence with Vendors

Schmick points out that given the reliance on cloud computing and SaaS, it’s also important to take a close look at any vendor your business hires. “Since SaaS is internet-based, you must do your due diligence to determine where they are hosting that infrastructure. Who has access to that infrastructure?”

It is important to review their System and Organization Controls 2 (SOC 2) report, an independent audit in which a CPA firm tests the provider’s controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy) published by the American Institute of Certified Public Accountants (AICPA). A Type II report covers how the controls actually operated over a period of months and is more informative than a Type I, which only describes their design at a point in time. Schmick noted that not every SaaS provider will have a SOC 2 report, but these reports are common within the financial services industry. The following are examples of areas of the report to assess:

  • Findings and Control Assessment: risk areas specific to that service provider are tested and the results are summarized in a matrix in the report. Assess the overall test findings by the auditor.
  • Deactivation of Departing Employees: are they performed in a timely manner?
  • Error Trends: are there credentialing mistakes during the onboarding process for new hires?

Schmick encourages: “Don’t be afraid to ask questions and address any concerns.”

Protect Your Systems with VPNs, EDRs, and Firewalls

A virtual private network (VPN), endpoint detection and response (EDR) software, and firewalls each add a layer of protection to your network. A VPN encrypts all traffic between your device and the VPN endpoint, so that someone on the same hotel or coffee-shop network cannot read or tamper with it, and it hides your device’s real Internet address from the sites you visit. This matters most for laptops and mobile devices that connect from outside the office.

Schmick says VPNs are increasingly using zero trust architecture that lets companies limit the kind of resources that employees have access to, such as which servers each of them can use and the types of websites they can visit.

An EDR, also known as endpoint threat detection and response (ETDR), continuously records what happens on each laptop, desktop and server (processes started, files written, network connections opened) and watches that activity for malware, spyware, and viruses as well as for hands-on-keyboard attacker behaviour that traditional antivirus signatures miss. When it detects a threat, it can automatically kill the process or isolate the machine from the network and notify your security team.

Schmick says these programs are relatively easy to install, and most home users can rely on the default settings to protect their systems, but he recommends going through the configuration to make sure it adheres to your organization’s policies. Many companies hire a firm that specializes in digital security to install and configure these programs to ensure maximum use of their capabilities.

There are EDR programs which will let a company specify the types of devices and brand names that will work within a particular network. “For example, if they have a specific make and model of a USB thumb drive that they want to use, they could block all other USB models,” Schmick says. “Typically, they would hire a third-party IT company to do that.”

A firewall is like a filter for your Internet connection. It allows only the kinds of traffic you have explicitly permitted to flow to and from your systems and blocks the rest. It stops unauthorized access to your network by outside parties and can keep those within your network from reaching websites that could expose it to malware and other threats.

Secure Your Emails

As mentioned above, BEC fraud is a growing problem for businesses. Scammers use artificial intelligence to create very convincing emails that pull information from a variety of sources, such as the web and social media. Schmick recommends that companies use at least one type of data loss prevention (DLP) software, which can help prevent data breaches and the inappropriate transfer or use of sensitive data.

“Technology is available that can monitor the email system and look for those patterns,” Schmick says. “It goes through and searches for malicious emails, which are then sent to a quarantine mailbox.” The software can provide users with a list of quarantined emails, and the user can contact the helpdesk to release those emails into their inbox.

Schmick says companies should also set up layers of email authentication to block phishing attempts and BEC attacks. “There are three email authentications that you should set up to enforce and prevent spoofing of your domain,” Schmick says. “They’re extra security measures that you can take when configuring your email, to help prevent phishing and spoof emails.”

Three Layers of Email Security

There are three email authentication methods, all published as DNS records for your domain, that let receiving mail servers tell mail you actually sent from mail that merely claims to come from your domain, and block the latter.

Sender Policy Framework (SPF): a DNS TXT record for your domain that lists the mail servers (by IP address or network) allowed to send mail on its behalf, ending with -all so that anything not listed fails. A receiving server checks the IP address of the server delivering the message against this list. SPF covers only the envelope sender (the MAIL FROM address used during delivery), not the From: header the recipient sees, so on its own it does not stop a forged From: line; that gap is what DMARC closes.

DomainKeys Identified Mail (DKIM): the sending server signs each message (selected headers plus the body) with a private key and adds the signature in a DKIM-Signature header; the matching public key is published in DNS under your domain. A receiver that verifies the signature knows the message was authorized by your domain and was not altered in transit, and the signature survives forwarding, which SPF does not.

Domain-based Message Authentication, Reporting and Conformance (DMARC): a DNS record at _dmarc.yourdomain that ties SPF and DKIM to the From: header domain (“alignment”) and tells receiving servers what to do with mail that fails both checks: p=none (monitor only), p=quarantine (deliver to the spam folder) or p=reject. It also asks receivers to send aggregate reports (the rua tag) to an address you choose, so administrators can see who is sending as your domain and find legitimate senders that fail before moving the policy from none to reject.
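To make the three checks concrete, the following is an added example, not code from the original post or from Cogent Bank: a minimal SPF evaluator and the DMARC alignment and policy decision, run against constructed DNS TXT records for made-up domains (assumptions: example.com, mail.example.net, bounce.example.com and attacker.example, with documentation IP ranges). It goes slightly beyond the text by showing why alignment matters: an attacker whose own domain passes SPF is still rejected because that domain is not the one in the From: header. DKIM verification itself needs key material and is represented only by its result.

```python
import ipaddress
from typing import Optional

# Constructed DNS TXT records standing in for real DNS lookups. Domains and
# addresses are assumptions for this example (RFC 5737/3849 documentation ranges).
DNS_TXT = {
    "example.com":        "v=spf1 ip4:203.0.113.0/24 include:mail.example.net -all",
    "bounce.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "mail.example.net":   "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "attacker.example":   "v=spf1 ip4:192.0.2.77 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=r",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, _depth: int = 0) -> str:
    """Evaluate the SPF record of `domain` against the IP of the connecting server.

    Handles the ip4, ip6, include and all mechanisms of RFC 7208; any other
    mechanism yields 'permerror'. Returns 'pass', 'fail', 'softfail',
    'neutral', 'none' or 'permerror'.
    """
    if _depth > 10:                       # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                     # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        result = QUALIFIERS[qualifier]
        if term == "all":
            return result                 # '-all' is what makes the record enforceable
        if term.startswith(("ip4:", "ip6:")):
            # an IPv4 address is never inside an IPv6 network and vice versa
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return result
        elif term.startswith("include:"):
            # include: matches only when the included domain's record passes
            if check_spf(term[len("include:"):], sender_ip, _depth + 1) == "pass":
                return result
        else:
            return "permerror"            # mechanism not handled by this example
    return "neutral"                      # no 'all' term: the record makes no statement


def parse_dmarc(header_from_domain: str) -> Optional[dict]:
    """Fetch and parse the _dmarc TXT record (tag=value pairs separated by ';')."""
    record = DNS_TXT.get("_dmarc." + header_from_domain)
    if record is None or not record.startswith("v=DMARC1"):
        return None
    return dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)


def organizational_domain(domain: str) -> str:
    # Simplification: the real rule uses the Public Suffix List.
    return ".".join(domain.split(".")[-2:])


def aligned(header_from_domain: str, authenticated_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match; relaxed
    ('r') accepts any subdomain of the same organizational domain."""
    if mode == "s":
        return header_from_domain == authenticated_domain
    return organizational_domain(header_from_domain) == organizational_domain(authenticated_domain)


def dmarc_disposition(header_from_domain: str, mail_from_domain: str, sender_ip: str,
                      dkim_result: str = "none", dkim_domain: str = "") -> str:
    """What a receiver does with a message under the From: domain's DMARC policy.
    Returns 'pass' when SPF or DKIM both passes and aligns, otherwise the
    published action: 'none', 'quarantine' or 'reject'."""
    policy = parse_dmarc(header_from_domain)
    if policy is None:
        return "none"                     # no policy: receiver falls back to its own heuristics
    spf_ok = (check_spf(mail_from_domain, sender_ip) == "pass"
              and aligned(header_from_domain, mail_from_domain, policy.get("aspf", "r")))
    dkim_ok = (dkim_result == "pass"
               and aligned(header_from_domain, dkim_domain, policy.get("adkim", "r")))
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")


if __name__ == "__main__":
    # A BEC-style spoof: From: ceo@example.com, sent from an IP the domain never listed.
    print("spoof from unlisted IP:", dmarc_disposition("example.com", "example.com", "192.0.2.77"))
    # Same From: header, but the envelope sender is the attacker's own SPF-passing domain.
    print("SPF pass, not aligned: ", dmarc_disposition("example.com", "attacker.example", "192.0.2.77"))
    # Genuine mail relayed through the provider named in the include: term.
    print("legitimate relay:      ", dmarc_disposition("example.com", "example.com", "198.51.100.10"))
```

The record for example.com uses adkim=s, so a DKIM signature from a subdomain such as mail.example.com does not align, while aspf=r lets bounce.example.com serve as the envelope sender. Run with p=none first and read the rua reports before tightening to reject, or a forgotten marketing or ticketing system that sends as your domain will be the first thing blocked.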

Have a Plan in Place

While companies should strive to prevent malware and ransomware attacks, they should also have a plan in place for when prevention fails. Would they pay the ransom? Would it matter how much the fraudster is demanding, or how many of their systems are impacted? Some companies and individuals pay the hackers to get their data and computers unlocked; others refuse to pay and restore their data from backups, which only works if the backups are kept offline or otherwise out of the attacker’s reach and have actually been tested. One significant factor is whether a company is insured for a cyberattack, and whether the insurance company will cover part or all of the loss.

“Law enforcement is going to tell you not to pay the ransom, just restore from backup and do what you need to do, because there could be some bad actors that you’re paying the ransom to,” Schmick says. “My professional opinion is that it’s up to each company to assess the situation with their cyber insurer, follow their policies and evaluate how severe the attack is.”

He recommends that every company conduct tabletop exercises to figure out how it would respond to different situations: who would make the decisions, and how would they be implemented? This is something financial institutions, including Cogent Bank, do regularly, developing contingency plans for all types of risks, such as cyberattacks, fires, power outages, and other disasters.

Train and Test

Even the best digital security methods and software can’t protect your business from what could be the weakest link in any system—human error. While companies routinely have security training for new employees, Schmick says cybersecurity awareness training must be an ongoing effort, with cybersecurity exercises and regular email phishing simulations.

With a phishing simulation, someone on the information security staff or an outside provider creates a fake phishing email like those scammers would send. The email may claim to be from someone within the company, such as human resources or the CEO, to trick an employee into clicking on a link, downloading a file, or revealing sensitive information. This serves as ongoing training, teaching employees to detect fraudulent emails and report them to your security team; the reporting rate is the metric worth tracking, since someone will always click. It can also help identify which employees need more training on cybersecurity protocols.

Work with a Secure Banking Partner

Another way to keep your business financially protected is by working with a bank that takes security seriously. At Cogent Bank, we have business banking products and treasury management services to make your financial transactions as seamless and secure as possible. We’re headquartered in Florida with locations throughout the state to serve you. Reach out today to discover how we can partner with you in moving your business forward.

Disclaimer: The information contained herein is for informational/educational purposes only. The views and opinions expressed in this document may be those of the individuals and may not necessarily reflect those of Cogent Bancorp and its subsidiaries and affiliates, or the entities they may represent. Content contained herein may be used in connection with the advertising and/or marketing of products offered by Cogent Bank or Cogent Private Wealth. The material is not intended to provide or substitute for legal, tax, or financial advice or to indicate the availability or suitability of any Cogent Bank product or service. You should consult with a legal, financial, tax, or other appropriate professional(s) for your specific needs and/or objectives before making any decisions.